OpenSSL › OpenSSL - User

PKCS#7

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

4 messages Options

milivoj.fradelic

PKCS#7

Hi!

I need to convert PKCS#7 attached signatures to PKCS#7 detached signatures.

Is it possibly? Is there any example?

Thanks anyway!

Bernhard Fröhlich-2

Re: PKCS#7

[hidden email] wrote:

>
> Hi!
>
> I need to convert PKCS#7 attached signatures to PKCS#7 detached
> signatures.
>
> Is it possibly? Is there any example?
>
> Thanks anyway!

Since noone else answered I'll thay the little I believe to know about
the subject... ;)

I don't think doing this is possible using the openssl utilitoies, but
it might be done using the ASN1 APIs. Maybe you should have a look at
the asn1parse utility (apps/asn1pars.c) as a staring point.

And tell me if you find out more.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26

smime.p7s (4K) Download Attachment

Rabellino Sergio

Re: PKCS#7

Bernhard Froehlich wrote:

> [hidden email] wrote:
>
>>
>> Hi!
>>
>> I need to convert PKCS#7 attached signatures to PKCS#7 detached
>> signatures.
>>
>> Is it possibly? Is there any example?
>>
>> Thanks anyway!
>
>
> Since noone else answered I'll thay the little I believe to know about
> the subject... ;)
>
> I don't think doing this is possible using the openssl utilitoies, but
> it might be done using the ASN1 APIs. Maybe you should have a look at
> the asn1parse utility (apps/asn1pars.c) as a staring point.
>
> And tell me if you find out more.
> Ted
> ;)
>

You can give a chance to openssl, viewing around the smime option.
You must convert your pkcs#7 back to smime, then take a look at the
-nodetach implementation in the smime, maybe you can find the exact way
to do the detach
conversion.

Hope this helps.

--
Dott. Mag. Sergio Rabellino

Technical Staff
Department of Computer Science
University of Torino (Italy)

http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

Dr. Stephen Henson

Re: PKCS#7

In reply to this post by Bernhard Fröhlich-2

On Tue, Jan 17, 2006, Bernhard Froehlich wrote:

> [hidden email] wrote:
>
> >
> >Hi!
> >
> >I need to convert PKCS#7 attached signatures to PKCS#7 detached
> >signatures.
> >
> >Is it possibly? Is there any example?
> >
> >Thanks anyway!
>
> I don't think doing this is possible using the openssl utilitoies, but
> it might be done using the ASN1 APIs. Maybe you should have a look at
> the asn1parse utility (apps/asn1pars.c) as a staring point.
>
>

It is possible with some caveats.

Basically you have to poke around the PKCS7 structure, get get hold of the
content ASN1_OCTET_STRING struture, create a BIO out of it and then zero out
the field so the PKCS7 structure no longer includes the content.

The caveats are that the format of the included content may not be appropriate
for the detached content for (MIME multipart/signed format). In particular
that MIME type requires valid MIME headers and canonical format for the
first (to be signed) part. If the embedded content isn't of that form it can't
be translated without breaking the signature.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]